Certificate Revocation

Certificate revocation is the act of invalidating a digital certificate before its expiration date. Revoked certificates are stored in the Certificate Revocation List (CRL). Use this option when the purpose is to rotate a single certificate (but not the identity). Revoking a certificate removes it from storage and adds it to the CRL section.

How to revoke certificates

Navigate to the CA section on the left panel of your dashboard and select your CA. Under the Identities tab, select the identity of the peer to be revoked and execute the Revoke option, as shown in the image below.

Figure 1. Revoke Certificates - List of identities

After being revoked, a certificate is added to the CRL. However, this is a local CRL, meaning it has not yet been shared through the Fabric network, and it must be synced across all the channels.

To do so, navigate to the Your MSPs section on the left panel of your dashboard. A warning icon is displayed, as shown in the image below. This is because the local MSP is not synced with the CRLs of the CAs. Clicking the alert button syncs it automatically. If there are multiple CAs, the CRL is merged by default.

Figure 2. Revoke Certificates - MSP

Now the updated local MSP is not in sync with the System and Application Channels, which therefore have to be updated, starting with the System Channel, as this is where the network configurations are stored.

To navigate to your system channel definition: click on the Orderers section on the left panel of your dashboard and then select System Channel.

Under the Ordering Tab, your Organization will have a warning displayed. This alerts the user that Catalyst Blockchain Manager has detected a new update to your MSP that is still not being used by the channel.

Execute the Sync local MSP → channel MSP option, as shown below.

Figure 3. Sync MSP on system channel

Once the System Channel has updated the certificate, it is time to update each of the Application Channels.

Navigate to the Channels section on the left panel of your dashboard and select the channel that you desire to update.

Your Organization will have a warning displayed. This alerts the user that Catalyst Blockchain Manager has detected a new update to your MSP that is still not being used by the channel.

Execute the Sync local MSP → channel MSP option, as shown below.

Figure 4. Sync MSP on application channel
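
Once the last channel is synced, the revoked certificate's serial should appear in the CRL held by every MSP copy. The Go program below is an added example, not part of Catalyst Blockchain Manager: it assumes each copy's CRL has been exported as PEM, and the function names, copy labels and serial 42 are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// staleCopies returns, in sync order, the MSP copies whose PEM CRL does not list serial.
func staleCopies(order []string, crls map[string][]byte, serial *big.Int) (stale []string) {
	for _, name := range order {
		listed := false // a missing or unparsable CRL counts as stale (fail closed)
		if block, _ := pem.Decode(crls[name]); block != nil {
			if rl, err := x509.ParseRevocationList(block.Bytes); err == nil {
				for _, rc := range rl.RevokedCertificates {
					listed = listed || rc.SerialNumber.Cmp(serial) == 0
				}
			}
		}
		if !listed {
			stale = append(stale, name)
		}
	}
	return stale
}

// sampleCRL builds a constructed CRL signed by a throwaway key (sample data only).
func sampleCRL(serials ...int64) []byte {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "sample-ca"}, KeyUsage: x509.KeyUsageCRLSign, SubjectKeyId: []byte{1}}
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range serials {
		rl.RevokedCertificates = append(rl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: rl.ThisUpdate})
	}
	der, err := x509.CreateRevocationList(rand.Reader, rl, ca, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "X509 CRL", Bytes: der})
}

func main() {
	order := []string{"local MSP", "system channel", "application channel"}
	crls := map[string][]byte{order[0]: sampleCRL(42), order[1]: sampleCRL()} // constructed state
	fmt.Println("still to sync:", staleCopies(order, crls, big.NewInt(42)))
}
```

An empty result means every copy already lists the revoked serial; any name returned still needs the sync step described above.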